Convenient WiFi network access using unique identifier value

ABSTRACT

A WiFi network manager stores a unique identifier value such as a network address associated with a communication device as being a valid credential for the communication device to subsequently access a WiFi network including one or more access points. The WiFi network manager monitors use of the unique identifier value to access the WiFi network. In response to detecting misuse of the unique identifier value by two or more communication devices using the unique identifier value to use the WiFi network, the WiFi network manager at least temporarily prevents access to the WiFi network.

RELATED APPLICATIONS

This application is a continuation of earlier filed U.S. patentapplication Ser. No. 13/455,031 entitled “CONVENIENT WIFI NETWORK ACCESSUSING UNIQUE IDENTIFIER VALUE”, filed on Apr. 24, 2012, the entireteachings of which are incorporated herein by this reference.

BACKGROUND

Conventional computer devices typically include a network interfacecapable of communicating with a WiFi network. For example, according tocurrent technology, to learn of WiFi access points in a region, acomputer device transmits a wireless query signal in a region. Inresponse to the wireless signal, any of one or more WiFi network accesspoints in the region respond with information indicating theiridentities. Accordingly, via the response information from the accesspoints, the operator of the computer device can identify which, if any,WiFi networks are available in a region.

WiFi networks can be openly accessible to any communication device or,alternatively, accessible only by a certain group of subscribers. Toaccess a private WiFi network, a user may be authenticated to verifythat the user should be given access to the WiFi network.

One way to authenticate a WiFi user is to request the user to provide avalid password prior to providing the user access to the resources inthe WiFi network. For example, a WiFi access point can be configured tochallenge a user each time they attempt to use the WiFi network. Inresponse to a challenge, the user provides a password and username. Ifthe password is correct for the username, a user may be provided accessto the WiFi network. If the password is incorrect, the user may bedenied access to the WiFi network.

Another conventional way of preventing improper use of a WiFi network isuse of encryption in which both a client network device and a WiFiaccess point (e.g., wireless router) encrypt wirelessly transmitteddata. In such an instance, a user programs the WiFi access point withone or more appropriate encryption keys. The user also programs eachcommunication device with one or more appropriate encryption keys.

BRIEF DESCRIPTION OF EMBODIMENTS

Conventional applications suffer from a number of deficiencies. Forexample, configuring a WiFi access point and each network device istypically a difficult task for non-savvy computer users.

Additionally, as mentioned above, as an alternative to encryption, anopen WiFi network may require that a subscriber provide a valid passwordand username each time the user would like to use the WiFi network.Inputting an appropriate password each time a subscriber would like toobtain access to the WiFi network can be tedious, thus diminishing thevalue of a subscription to the WiFi network.

Programming of a communication device and a base station with encryptionkeys can require assistance from a sophisticated computer user.

Embodiments herein deviate with respect to conventional techniques. Forexample, one embodiment herein is directed to providing a subscribermore convenient access to WiFi network resources.

More specifically, according to one embodiment, a WiFi network managerreceives a request from a subscriber for access to a WiFi network. TheWiFi network may have one or more access points in a particular zone orregion of coverage. To facilitate access, the WiFi network can be anopen network accessible by the public. In other words, no specialencryption key or encoding is required to communicate with the accesspoint.

In response to receiving the request, assuming the user has not yetregistered, the WiFi network manager connects the requesting subscriberto a remote resource such as a web portal. Via the web portal, the WiFinetwork manager receives password information from the subscriber. Inaddition to receiving password information, the WiFi network managerreceives a unique identifier value such as a network address or othersuitable resource associated with the communication device to be used bythe subscriber to access the WiFi network.

By way of a non-limiting example, the network address can be a MAC(Media Access Control) address assigned to the communication deviceoperated by the subscriber; unique identifier value associated with anapplication executed on the communication device, etc.

In accordance with one embodiment, the WiFi network manager associatesthe password information and any other personal information submitted bythe subscriber to the unique identifier value associated with thecommunication device. For example, the WiFi network manager stores theunique identifier value such as a network address as a valid identifierfor accessing the WiFi network.

On a subsequent attempt by the subscriber to access the WiFi network viaa communication session, the communication device operated by thesubscriber forwards the unique identifier value of the communicationdevice to an access point to which the user would like to connect. Theaccess point relays the unique identifier value to the WiFi networkmanager. The WiFi network manager verifies that no other communicationdevice using the WiFi network is assigned the unique identifier valueforwarded by the access point. The WiFi network manager enables thecommunication device operated by the subscriber access to the WiFinetwork as long as there are no other users currently use the uniqueidentifier value to access the WiFi network.

Thus, in lieu of having to provide a password that the subscriber isprone to forgetting, embodiments herein include use of the uniqueidentifier value as a basis in which to allow access to the WiFinetwork. In other words, a network address or other unique identifiervalue can be used as a credential to use resources associated with theWiFi network.

As mentioned, the WiFi network manager monitors attempts by othercommunication devices to use the WiFi network based on the uniqueidentifier value associated with the communication device operated bythe subscriber. If a second communication device attempting to accessthe WiFi network uses the same unique identifier value, it is assumedthat the network address is being misused. For example, a hacker mayhave improperly gained access to a network address (e.g., credential toaccess the WiFi network) and programmed their own communication devicewith the network address in an attempt to steal WiFi network services.

In response to detecting improper use of the network address to obtainuse of the WiFi network at different geographically located accesspoints in the WiFi network, the WiFi network manager prevents anillegitimate user (e.g., user of the second communication device in thisexample) of the network address access to the WiFi.

In accordance with further embodiments, the WiFi network manager canrespond to detecting misuse in accordance with corresponding businessrules.

As an example, in one embodiment, in response to detecting misuse of thenetwork address by the second communication device, the WiFi networkmanager can be configured to prevent use of the WiFi network by thesecond communication device. As mentioned, it is possible that the userof the second communication device misappropriated use of the networkaddress assigned to the first device.

Additionally, and/or alternatively, according to business rules, theWiFi network manager can challenge the subscriber operating the firstcommunication device to provide password information that was providedduring registration. In such an instance, assume the subscriber of thefirst communication device or second communication device submits thecorrect password information to the WiFi network manager. Depending onwhich communication device submits the proper password informationassociated with the unique identifier value being used as a credentialto access the WiFi network, the WiFi network manager can prevent/provideaccess to the WiFi network.

In this manner, the WiFi network manager can initially provide thesubscriber unencumbered access to the WiFi network without requiringadditional information that needs to be remembered by the subscriber.Instead, the unique identifier value (i.e., network address) assigned tothe communication device serves as a credential enabling access to theWiFi network. Upon detection of misuse of the network address to obtainaccess to the WiFi network, the WiFi network manager implements measuresto determine which user properly uses the network address and which onemisappropriated the unique identifier value.

In one embodiment, as an alternative to detecting determining misuse asa result of simultaneous use of the unique identifier value, the WiFinetwork manager can be configured to determine the misuse based ondetecting attempted back-to-back use of the network address by a firstcommunication device and a second communication device to access theWiFi network within a predetermined time.

In accordance with further embodiments, the WiFi network manager canallow use of the unique identifier value to obtain access to the WiFinetwork for a pre-specified time limit. After the time limit expires,the WiFi network manager can be configured to challenge the subscriberto provide the appropriate password information again. Upon receipt ofthe proper password information from the subscriber, the time limit canbe reset again.

Note that in accordance with yet further embodiments, a uniqueidentifier value can be assigned to a corresponding executableapplication residing on the communication device. In response to a userinitiating execution of the application or a request from the user ofthe application to establish a communication session with a WiFinetwork, the application may attempt to locate and establish aconnection. When attempting access, the application transmits the uniqueidentifier value to the access point. In a manner as previouslydiscussed, the unique identifier value provided by the executedapplication can be analyzed by the network manager to determine whetherthe unique identifier value is a valid credential. If not, the user canregister the unique identifier value. Accordingly, the unique identifiervalue need not be a network address of the communication device.

These and other more specific embodiments are disclosed in more detailbelow.

Any of the resources as discussed herein can include one or morecomputerized devices, servers, base stations, wireless communicationequipment, communication management systems, workstations, handheld orlaptop computers, or the like to carry out and/or support any or all ofthe method operations disclosed herein. In other words, one or morecomputerized devices or processors can be programmed and/or configuredto operate as explained herein to carry out different embodiments of theinvention.

Yet other embodiments herein include software programs to perform thesteps and operations summarized above and disclosed in detail below. Onesuch embodiment comprises a computer program product including anon-transitory computer-readable storage medium (i.e., any computerreadable hardware storage medium) on which software instructions areencoded for subsequent execution. The instructions, when executed in acomputerized device having a processor, program and/or cause theprocessor to perform the operations disclosed herein. Such arrangementsare typically provided as software, code, instructions, and/or otherdata (e.g., data structures) arranged or encoded on a non-transitorycomputer readable storage medium such as an optical medium (e.g.,CD-ROM), floppy disk, hard disk, memory stick, etc., or other a mediumsuch as firmware or shortcode in one or more ROM, RAM, PROM, etc., or asan Application Specific Integrated Circuit (ASIC), etc. The software orfirmware or other such configurations can be installed onto acomputerized device to cause the computerized device to perform thetechniques explained herein.

Accordingly, embodiments herein are directed to a method, system,computer program product, etc., that supports operations as discussedherein.

One embodiment includes a computer readable storage medium and/or systemhaving instructions stored thereon to facilitate distribution of contentaccording to one or more different levels of quality from a server. Theinstructions, when executed by a processor of a respective computerdevice, cause the processor or multiple processors of the system to:store a unique identifier value such as a network address as being avalid credential to access a WiFi network including multiple accesspoints; monitor use of the unique identifier value to access the WiFinetwork; and in response to detecting misuse of the network address toaccess the WiFi network, at least temporarily prevent a resource that isassigned the unique identifier value from accessing the WiFi network.

Yet another embodiments herein includes a computer readable storagemedium and/or system having instructions stored thereon to distributecontent from an intermediate distribution node. The instructions, whenexecuted by a processor of a respective computer device, cause theprocessor or multiple processors of the system to: receive a commandfrom a user to register a communication device with a WiFi network,registration of the communication device with the WiFi network being apre-condition of using the WiFi network; from the communication device,during the registration, input a network address of the communicationdevice to a gateway resource controlling access to the WiFi network; andsubsequent to the registration, receive repeated access to the WiFinetwork based on submissions of the network address to the gatewayresource.

The ordering of the steps above has been added for clarity sake. Notethat any of the processing steps as discussed herein can be performed inany suitable order.

Other embodiments of the present disclosure include software programsand/or respective hardware to perform any of the method embodiment stepsand operations summarized above and disclosed in detail below.

It is to be understood that the system, method, apparatus, instructionson computer readable storage media, etc., as discussed herein also canbe embodied strictly as a software program, firmware, as a hybrid ofsoftware, hardware and/or firmware, or as hardware alone such as withina processor, or within an operating system or a within a softwareapplication.

As discussed herein, techniques herein are well suited for use in thefield of providing access to one or more WiFi networks. However, itshould be noted that embodiments herein are not limited to use in suchapplications and that the techniques discussed herein are well suitedfor other applications as well.

Additionally, note that although each of the different features,techniques, configurations, etc., herein may be discussed in differentplaces of this disclosure, it is intended, where suitable, that each ofthe concepts can optionally be executed independently of each other orin combination with each other. Accordingly, the one or more presentinventions as described herein can be embodied and viewed in manydifferent ways.

Also, note that this preliminary discussion of embodiments hereinpurposefully does not specify every embodiment and/or incrementallynovel aspect of the present disclosure or claimed invention(s). Instead,this brief description only presents general embodiments andcorresponding points of novelty over conventional techniques. Foradditional details and/or possible perspectives (permutations) of theinvention(s), the reader is directed to the Detailed Description sectionand corresponding figures of the present disclosure as further discussedbelow.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, features, and advantages of theinvention will be apparent from the following more particulardescription of preferred embodiments herein, as illustrated in theaccompanying drawings in which like reference characters refer to thesame parts throughout the different views. The drawings are notnecessarily to scale, with emphasis instead being placed uponillustrating the embodiments, principles, concepts, etc.

FIG. 1 is an example diagram illustrating a network environment in withwhich users register to a use a WiFi network according to embodimentsherein.

FIG. 2 is an example diagram illustrating a communication deviceprogrammed with a unique identifier value according to embodimentsherein.

FIG. 3 is an example diagram illustrating storage of subscriberinformation according to embodiments herein.

FIG. 4 is an example diagram illustrating a connection manager thatselectively provides access to a WiFi network based on submitted uniqueidentifier values according to embodiments herein.

FIG. 5 is an example diagram illustrating verification of a user and/orcommunication device according to embodiments herein.

FIG. 6 is an example diagram illustrating denial of multiplecommunication devices assigned a common network address from using aWiFi network according to embodiments herein.

FIG. 7 is an example diagram illustrating is a graph of time versusdistance to determine whether a communication device can use the WiFinetwork at disparate locations according to embodiments herein.

FIG. 8 is an example diagram illustrating a condition in which acommunication device is denied use of a WiFi network at multipledisparate access points according to embodiments herein.

FIG. 9 is an example diagram illustrating a condition in which acommunication device is granted use of a WiFi network at multipledisparate access points according to embodiments herein.

FIG. 10 is an example diagram illustrating a computer architecture inwhich to execute one or more embodiments as discussed herein.

FIG. 11 is an example diagram illustrating a method of limiting accessto a WiFi network and corresponding resources according to embodimentsherein.

FIGS. 12 and 13 combine to form an example method of limiting access toa WiFi network and corresponding resources according to embodimentsherein.

FIGS. 14 and 15 combine to form an example method of limiting access toa WiFi network and corresponding resources according to embodimentsherein.

DETAILED DESCRIPTION

According to one embodiment, a WiFi network manager stores a uniqueidentifier value such as a network address associated with acommunication device as being a valid credential for the communicationdevice to subsequently access a WiFi network including one or moreaccess points. The WiFi network manager monitors use of the uniqueidentifier value to access the WiFi network. In response to detectingmisuse of the unique identifier value by two or more communicationdevices using the network address to use the WiFi network, the WiFinetwork manager at least temporarily prevents access to the WiFinetwork.

More specifically, FIG. 1 is an example diagram illustrating a networkenvironment in with which users register to use a WiFi network accordingto embodiments herein.

As shown, communication devices 160 (e.g., communication device 160-1,communication device 160-2, . . . ) resides and roam in networkenvironment 100.

Network environment 100 includes network 190 and network 191. In oneembodiment, by way of a non-limiting example, the networks 191 representWiFi networks available at different geographical locations. Forexample, network 191-1 can be a WiFi network located in New York;network 191-2 can be a WiFi network located in Boston; network 191-3 canbe a WiFi network located in Phildelphia; and so on.

Each network 191 can include one or more WiFi resources such as WiFiaccess points (e.g., wireless base stations). In accordance with onenon-limiting example, the networks 191 support communication based on asuitable wireless protocol such as 802.11 standards or the like.

During operation, networks 191 provide connectivity between one or morecommunication devices 160 and core network 190. Network 190 can includeany suitable wired or wireless network resources (e.g., switches,routers, servers, cellular network, repeater, coaxial cables, . . . )facilitating distribution and delivery of messages such as data packetsor other suitable format from sources to respective destinations. Byfurther way of a non-limiting example, each of the communication devices160 can be any suitable resource such as a mobile communication device,phone, personal computer system, a wireless device, base station, phonedevice, desktop computer, laptop, notebook, netbook computer, mainframecomputer system, handheld computer, workstation, network computer,application server, storage device, a consumer electronics device suchas a camera, camcorder, set top box, mobile device, video game console,handheld video game device, etc.

FIG. 2 is an example diagram illustrating of a communication deviceaccording to embodiments herein. Each of the communication devices 160in network environment 100 can include similar features.

As shown, the communication device 160-1 can include a display screen130, input resource 102, communication manager 340, and communicationinterface 355. During operation, the user 108-1 can select and open(i.e., execute) an application such as a browser to access network 190.

In one embodiment, the executed application communicates withcommunication manager 340 and/or communication interface 355 toestablish a WiFi connection. In this example, assume that thecommunication device 160-1 has been assigned network address 23790298.Use of the network address facilitates communications between thecommunication device 160-1 and remote destinations in the networkenvironment 100. For example, the network address can indicate how toroute data traffic.

For example, in accordance with one embodiment, the network address canbe used as a way of indicating to other resources in network environmenthow data is to be transmitted/routed back to the communication device160-1. Any of one or more data packets transmitted from a respectivecommunication device can include the unique identifier value embedded inthe respective data packets to indicate the network address of thesource generating the data packets. Packets directed in a reversedirection from resources in network environment 100 can include thenetwork address to indicate the destination to which the data packetsare transmitted.

Wireless transducer assembly 360 supports bi-directional wirelesscommunications. For example, wireless transducer assembly 360 supportstransmission of wireless signals from the communication device 160-1 toa respective WiFi network 191 in which the communication device 160-1resides; wireless transducer assembly 360 further supports reception ofwireless signals from a respective WiFi network 191 in which thecommunication device 160-1 resides.

Referring again to FIG. 1, the communication devices 160 may reside atany location and roam within network environment 100. Each WiFi network191 provides limited wireless coverage in a respective region. In oneembodiment, a single access point in a network 191 can provide indoorwireless connectivity between a communication device 160 and the accesspoint up to 50 or more feet; a single access point in a network 191 canprovide outdoor wireless connectivity between a communication device 160and the access point up to 100 or more feet. Of course, the amount ofcoverage provided by a particular access point can vary depending on howthe WiFi networks 191 are configured.

Assume in this example that the user 108-1 operating communicationdevice 160-1 resides in a region of wireless coverage provided by WiFinetwork 191-2. The communication device 160-1 can learn of the presenceof the WiFi network 191-2 based on monitoring the region for one or morewireless signals indicating presence and/or availability of the WiFinetwork 191-2.

In this example, assume that the user 108 of the communication device161-1 would like to use the WiFi network 191-2 to obtain access to theInternet. In such an embodiment, the communication device 160-1transmits one or more wireless signals indicating an attempt toestablish a session to communicate with network 190. The WiFi networks191 in network environment 100 can be open networks. That is, thecommunication devices 160 can use communicate with the access point150-1 without securing the data via encryption or other securityprotocol. Thus, in one embodiment, the WiFi network can be an opennetwork that is at least initially accessible by the public.

Assume in this example that access point 150-1 of WiFi network 191-2receives a request from communication device 161-2 to establish a WiFicommunication session. The initial attempt or request to establish thecommunication session can include receiving a unique identifier valuesuch as a network address from the communication device 160-1 that isused for data routing purposes. By way of a non-limiting example, theunique identifier value can be a MAC (Media Access Control) addressassigned to the communication device 160-1.

In one embodiment, the access point 150-1 forwards the request toestablish the communication session over network 190 to the gatewaymanager 142. The gateway manager 142 determines whether thecommunication device 160-1 requesting the access is already a subscriberauthorized to use WiFi networks 191.

Assume in this example that the user 108-1 and/or communication device160-1 have not yet been registered. Because the user 108-1 and/orcommunication device 160-1 have not yet been registered, the accesspoint 150-1 connects the requesting subscriber to a remote resource suchas registration server 141 such as a web portal. Via the registrationserver 141, the WiFi network manager 140 collects information toregister the user as a valid subscriber.

A subscriber may be requested to pay a fee to access one or more of WiFinetworks 191. Fees can be collected in any suitable manner such as viacredit card payment during registration.

Registration server 141 produces and stores registration information 165in repository 180-1.

FIG. 3 is an example diagram illustrating the different type ofinformation collected and stored by registration server 141 for each ofmultiple use according to embodiments herein.

In one embodiment, during registration of user 108-1 and/orcommunication device 160-1, the registration server 141 receives a nameof the user 108-1 (e.g., John Smith), a suitable unique identifier value(e.g., a network address assigned to the communication device 160-1 suchas 2370298), a password such as SUPER12345, device information, etc.

Thus, in accordance with one embodiment, the network manager 140produces subscriber information 165-1. Subscriber information 165-1associates the password information and any other personal informationsubmitted by the user 108-1 to the network address (e.g., 23790298)assigned to the communication device 160-1. For example, theregistration server 141 of network manager 140 stores the networkaddress 23790298 as a valid identifier for accessing the WiFi networks191 in the future.

In one embodiment, during registration of user 108-2 and/orcommunication device 160-2, the registration server 141 receives a nameof the user 108-2 (e.g., Anne Jones), a suitable unique identifier value(e.g., a network address assigned to the communication device 160-2 suchas A57E5660), a password such as BUNNY143, device information, etc.

Thus, in accordance with one embodiment, based on information receivedfrom user 108-2 during a registration, the network manager 140 producessubscriber information 165-2. Subscriber information 165-2 associatesthe password information and any other personal information submitted bythe user 108-2 to the network address (e.g., A57E5660) assigned to thecommunication device 160-2. For example, the registration server 141 ofnetwork manager 140 stores the network address A57E5660 as a valididentifier for accessing the WiFi networks 191 in the future.

The network manager 140 stores similar information for each subscriber.

As will be discussed later in this specification, the users and/orcommunication devices 160 will be able to access and use theirrespective unique identifier value such as a network addresses as abasis to establish additional communication sessions without having toinput other credentials as the respective network addresses assigned tothe registered communication devices 160 will be sufficient to establishone or more subsequent WiFi communication sessions.

Referring again to FIG. 1, subsequent to registration and payment ofappropriate fees, the registration server 141 notifies the access point150-1 that the user 108-1 and/or communication device 160-1 can use theWiFi network 191.

Recall that the access point 150-1 retrieved the network addressassociated with the communication device 160-1 during registration.Based on the network address of the communication device 160-1, theaccess point 150-1 acts as a proxy to transmit and receive data over thenetwork 190 based on the network address assigned to the communicationdevice 160-1.

For example, in one embodiment, the access point receives communicationsfrom the communication device over a wireless link established betweenthe access point 150-1 and the communication device 160-1. As a proxy,the access point 150-1 forwards the communications from thecommunication device 160-1 over network 190. The access point forwardsreply communications received over the network 190 to the communicationdevice 160-1 over the established communication link. Thus, during acommunication session when there is a wireless link between thecommunication device 160-1 and the access point 150-1, the user 108(i.e., subscriber) is able to communicate over network 190.

The respective user 108 can terminate the communication session in anumber of ways such as closing an application (such as a browser) thatuses the established communication link, roaming outside a region ofcoverage provided by access points associated with network 191-2, etc.

FIG. 4 is an example diagram illustrating use of a unique identifiervalue such as an assigned network address to establish a communicationsession with a respective WiFi network according to embodiments herein.

For example, assume in this example, that the user 108-1 roams in thenetwork environment 100 and would like to establish a communicationsession with WiFi network 191-3 at a new geographical location such asPhiladelphia.

In accordance with such an embodiment, the user 108-1 executes anappropriate application on the communication device 160-1. Because thecommunication device 160-1 resides in a region of wireless coverageprovided by access point 150-2, the executed application initiatescommunications with the access point 150-2 to establish a WiFicommunication session in a manner as previously discussed. During theattempt to establish the communication session, the communication device160-1 transmits the unique identifier value 23790298 to the access point150-2.

By way of a non-limiting example, the access point 150-2 communicateswith gateway manager 142 to determine whether the received uniqueidentifier value 23790298 corresponds to a subscriber that should beprovided access to the network 191-3. In other words, the access point150-2 communicates with the gateway manager 142 to determine whether thecommunication device 160-1 is authorized to use the network 191-3.

On this attempt by the user 108-1 to re-establish a communicationsession after registration, the communication device 160-1 operated bythe user 108-1 forwards the unique identifier value 23790298 of thecommunication device 160-1 to the gateway manager 142 of network manager140.

To determine whether the user 108-1 and/or communication device 160-1 isauthorized, the gateway manager 142 can perform one or more functions.

For example, in accordance with one embodiment, the gateway manager 142analyzes subscriber information 165 stored in repository 180-1 todetermine if the user 108-1 and/or communication device 160-1 haspreviously subscribed to use of services associated with WiFi networks191. In this example, based on the unique identifier value 23790298forwarded from the access point 150-2 to the gateway manager 142, thegateway manager 142 determines that the user 108-1 is a subscriber andthe communication device 160-1 should be allowed access to the network191-1.

Prior to notifying the access point 150-2 to provide access to thecommunication device 160-1, the gateway manager 142 performs anadditional check to determine whether any other devices currently usingany of networks 191 has been assigned the unique identifier value23790298. The gateway manager 142 stores network status information 175in repository 180-2. The network status information 175 can storeinformation such as the unique identifier values associated with eachother communication device using WiFi networks 191.

In this example, assume that the gateway manager 142 discovers that noother communication devices currently using any of resources associatedwith networks 191 have been assigned the network address 23790298. Inresponse to determining such a condition, the gateway manager 142notifies the access point 150-2 that the access point 150-2 can allowthe user 108-1 and/or communication device 160-1 access to the WiFinetwork 191-3.

Thus, in lieu of the user 108-1 having to perform a tedious task ofproviding a password or other suitable security information beforeand/or during establishment of the new communication session, thegateway manager 142 of network manager 140 uses the unique identifiervalue assigned to the communication device 160-1 t provide access. Inone embodiment, the unique identifier value is automatically provided bythe communication device 160-1 as a basis in which to allow access tothe WiFi network 191-3. In other words, the communication device 160-1,or corresponding application executed thereon, transmits the uniqueidentifier value (such as a network address) so that the access point(or other suitable resource) can act as a proxy to send and retrievedata on behalf of the communication device 160-1.

FIG. 5 is an example diagram illustrating use of subscriber informationand network status information according to embodiments herein.

As mentioned, the access point 150-2 receives the unique identifiervalue such as network address 23790298 from communication device 160-1.The access point 150-2 communicates with gateway manager 142 todetermine whether access should granted to the communication device160-1 to access the network 190 via network 191-3. Assume in thisexample that the network address 23790298 corresponds to a validsubscriber as indicated by a lookup in subscriber information 165. Inother words, subscriber information 165-1 indicates that the networkaddress 23790298 corresponds to a valid subscriber (i.e., user 108-1and/or communication device 160-1). Since the network status information175 does not indicate that another device currently uses the networkaddress 23790298 as looked up in network status information 175, thegateway manager 142 notifies the access point 150-2 to provide WiFinetwork access to communication device 160-1. Additionally, while thecommunication session is set up to provide the communication device160-1 connectivity to network 190 through access point 150-2, thegateway manager 142 stores appropriate information in network statusinformation 175 to indicate that the unique identifier value 23790298 iscurrently used by a subscriber operating communication device 160-1 toaccess the network 191.

Upon detecting the communication session between communication device160-1 and access point 150-2 is terminated, the access point 150-2provides notification to the gateway manager 142. The gateway manager142, in turn, updates the network status information 175 to indicatethat the communication session has been terminated. The communicationdevice 160-1 is then free to roam the different geographical regions andaccess an appropriate network 191 at different locations.

FIG. 6 is an example diagram illustrating detecting misuse of a uniqueidentifier value according to embodiments herein.

The gateway manager 142 of network manager 140 monitors use of thenetwork 191 for possible fraud. For example, the gateway manager 142monitors attempts by other communication devices to use the WiFi networkbased on the unique identifier value associated with the communicationdevice operated by the subscriber.

Assume in this example that the valid user 108-2 uses communicationdevice 160-1 to access network 191-3 as shown. If a second communicationdevice 160-X attempts to access any point in the WiFi network 191 usingthe same unique identifier value, it is assumed that one or moreinstances of using the unique identifier value 23790298 is a misuse.More specifically, a hacker (e.g., user 108-5) may have improperlygained access to the unique identifier value 23790298 and programmedtheir own communication device 160-X with the unique identifier value23790298 in an attempt to steal WiFi network services.

As previously discussed, the gateway manager 142 keeps track of thedifferent devices that currently use the network 191. As mentioned, thiscan include keeping track of the different unique identifier values ofdevices that currently use the network 191.

Assume in this example that the user 108-5 attempts to use network 191-2while the communication session between communication device 160-1 andnetwork 191-3 is still active. The network status information 175includes a log of the communication session. Upon receiving a requestand unique identifier value 23790298 from the communication device160-X, the access point 620-1 communicates with gateway manager 142 todetermine whether the communication device 160-X should be affordedaccess to the network 190 through the network 191-2.

Based on a lookup as previously discussed, the gateway manager 142 notesthat the unique identifier value 23790298 is a valid credential fornetwork access. However, in this example, because there is an activecommunication session between the communication device 160-1 and network191-3 as indicated by mode setting information 175, the gateway manager142 notifies the access point 620-1 not to provide network access. Thegateway manager now is aware that one of the communication devices(e.g., communication device 160-1 or communication device 160-X)improperly uses the unique identifier value 23790298 to gain access tonetwork 191.

In response to detecting improper use of the unique identifier value toobtain use of the WiFi network at different geographically locatedaccess points in the WiFi network, the gateway manager 142 (e.g.,network manager 140) prevents an illegitimate user (e.g., user 108-5 ofthe second communication device 160-X in this example) access to thenetwork 191.

In accordance with one embodiment, the WiFi network manager can respondto detecting misuse in accordance with corresponding business rules.

As an example, in one embodiment, in response to detecting the misuse ofthe unique identifier value 23790298, the gateway manager 142 can beconfigured to challenge one or both of the users 108-1 and 108-5 toinput the appropriate password associated with unique identifier value23790298. In such an embodiment, the gateway manager 142 notifies accesspoint 620-1 that communication device 160-X may have misappropriatedunique identifier value 23790298. The gateway manager 142 notifiesaccess point 150-2 that communication device 160-1 may havemisappropriated unique identifier value 23790298.

Each of access points 620-1 and 150-2 temporarily prevents access to allresources in network 191 and challenges a respective user to provide theappropriate password information. Upon receipt of different inputtedpassword information, the access points 620-1 and 150-2 forward thepassword information to gateway manager 142. Gateway manager 142analyzes subscriber information 165 to determine that subscriberinformation 165-2 includes the unique identifier value 23790298. Thecorresponding password information is SUPER12345. The gateway manager142 compares the password information received from each communicationdevice 160-1 and 160-X to determine which user provides a value thatmatches SUPER12345. In this example, assume that user 108-1 provides theappropriate password information SUPER12345 and that user 108-5 doesnot. That is, user 108-5 provides an incorrect password.

Because the user 108-1 provides the proper password informationassociated with unique identifier value 23790298, the user 108-1 andcommunication device 160-1 are able to continue using the network 191-3to access network 190 and its resources. The user 108-5 is denied accessbecause she did not provide the proper password information.

As mentioned, it is possible that the user 108-5 of the secondcommunication device 160-X misappropriated use of the unique identifiervalue 23790298 assigned to the first device.

Thus, in the manner as discussed herein, the network manager 140 (e.g.,registration server 141 and gateway manager 142) can initially provide asubscriber repeated, unencumbered access to the WiFi network withoutrequiring the subscriber to submit additional and difficult-to-rememberinformation. Instead, as discussed herein, the unique identifier valuesuch as a network address assigned to the communication device serves asa credential enabling access to the WiFi network. Upon detection ofmisuse of the a unique identifier value to obtain access to the WiFinetwork, the WiFi network manager implements measures to determine whichuser properly uses the network address and which one misappropriates useof the network address.

To provide a further measure of security, the network manager 140 can beconfigured to allow a communication device having a valid uniqueidentifier value to access the resources associated with network 191 atthe different geographical locations for a predetermined amount of timebefore challenging the user to provide the password information. Forexample, the network manager 140 sets a timer value to indicate that theunique identifier value is valid for use up to 2 months without thenetwork manager 140 performing a challenge to the respective user whenconnecting to the network 191. After the expiration of the time limit(e.g., 2 months in this example), the network manager 140 challenges thecorresponding to provide the appropriate password information on a nextattempt to establish a communication session with network 191. Thishelps to ensure that the unique identifier value is not misappropriated.Upon receiving the appropriate password information after the time limitexpires, the subscriber may be afforded another two months ofunencumbered use in which the subscriber can establish a communicationsession based on submission of the appropriate unique identifier valuecredential.

In one embodiment, as an alternative to determining misuse as a resultof simultaneous use by multiple communication devices using the sameunique identifier value to access network resources, the network manager140 and corresponding resources can be configured to determine themisuse based on detecting attempted back-to-back use of the uniqueidentifier value by a first communication device and a secondcommunication device to access the WiFi network within a predeterminedtime.

For example, FIG. 7 is an example diagram illustrating is a graph oftime versus distance to determine whether a communication device can usethe WiFi network at disparate locations according to embodiments herein.The graph 700 illustrates that a valid subscriber cannot establishback-to-back communication sessions with network 191 that are within 50miles of each other in less than 30 minutes; the graph 700 furtherindicates that a user is not able to use two different geographicallylocated networks 191 within 250 miles of each other unless a time ofgreater than 1.5 hours has elapsed, and so on.

Thus, in accordance with graph 700, it is assumed that a subscribercannot reasonably travel from one geographical location to another inless than a certain amount of time. Thus, if a unique identifier valueis used at two different locations within a value as specified by thegraph 700, then it is assumed that the unique identifier value is beingimproperly used to access resources associated with network 191.

FIG. 8 is an example diagram illustrating a condition in which acommunication device is denied use of a WiFi network at multipledisparate access points according to embodiments herein. In oneembodiment, the network manager 140 logs the different communicationsessions over time.

In this example, assume that a communication device submits uniqueidentifier value 23790298 as a valid credential resulting in anestablished communication session with access point 150-1 (e.g., inBoston) that last between 10 am and 12 noon. After termination of thesession #1, assume that a communication device submits unique identifiervalue 23790298 as a valid credential at 12:30 pm to establish a newcommunication session with access point 150-2.

In this example, the gateway manager 142 determines a difference inmileage between access point 150-1 (Boston) and access point 150-2(Philadelphia). Assume that the distance is 250 miles. The gatewaymanager 142 uses graph 700 to map 250 miles to a value of 1.5 hours. Thedelta time 850 in this example between communication sessions is 0.5hours. A subscriber could not be located in Boston at 12 pm andsubsequently reside at location within 0.5 hours. Since delta time 850(i.e., 0.5 hours) is less than the time value of 1.5 hours, theattempted communication session at 12:30 pm is denied.

FIG. 9 is an example diagram illustrating a condition in which acommunication device is granted use of a WiFi network at multipledisparate access points according to embodiments herein.

In this example, assume that a communication device submits uniqueidentifier value 23790298 as a valid credential resulting in anestablished communication session #3 with access point 150-1 (e.g., inBoston) that last between 10 am and 11:30 am. Assume that acommunication device submits unique identifier value 23790298 as a validcredential at 2:30 pm to establish a communication session #4 withaccess point 150-2 (e.g., in Philadelphia).

In this example, the gateway manager 142 determines a difference inmileage between access point 150-1 (Boston) and access point 150-2(Philadelphia). Assume that the distance is 250 miles. The gatewaymanager 142 uses graph 700 to map 250 miles to a value of 1.5 hours. Thedelta time 950 in this example between communication sessions is 3.0hours. A subscriber could be located in Boston at 11:30 pm andsubsequently reside at the Philadelphia location within 3.0 hours. Sincedelta time 950 (i.e., 3.0 hours) is greater than less than the deltatime value 950 of 1.5 hours, the attempted communication session at 2:30pm is granted.

FIG. 10 is an example block diagram of a computer system forimplementing any of the operations as discussed herein according toembodiments herein.

As shown, computer system 1050 of the present example can include aninterconnect 811 that couples computer readable storage media 812 suchas a non-transitory type of hardware storage media (i.e., any type ofhardware storage medium) in which digital information can be stored andretrieved, a processor 813, I/O interface 814, and a communicationsinterface 817.

I/O interface 814 provides connectivity to a repository 180 and, ifpresent, other devices such as a playback device, keypad, a computermouse, etc.

Computer readable storage medium 812 can be any hardware storage devicesuch as memory, optical storage, hard drive, floppy disk, etc., in whichto store data or information. In one embodiment, the computer readablestorage medium 812 stores instructions and/or data as discussed herein.

Communications interface 817 enables the computer system 1050 andprocessor 813 (e.g., processor device) to communicate over a resourcesuch as network 190 to retrieve information from remote sources andcommunicate with other computers. I/O interface 814 enables processor813 to retrieve stored information from repository 180.

As shown, computer readable storage media 812 is encoded with networkmanager application 140-1 (e.g., any suitable software, firmware, etc.)executed by processor 813. Network manager application 140-1 can beconfigured to include instructions to implement any of the operations asdiscussed herein.

During operation of one embodiment, processor 813 accesses computerreadable storage media 812 via the use of interconnect 811 in order tolaunch, run, execute, interpret or otherwise perform the instructions innetwork manager application 140-1 stored on computer readable storagemedium 812.

Execution of the network manager application 140-1 produces processingfunctionality such as network manager process 140-2 in processor 813. Inother words, the network manager process 140-2 associated with processor813 represents one or more aspects of executing network managerapplication 140-1 within or upon the processor 813 in the computersystem 150.

Those skilled in the art will understand that the computer system 150can include other processes and/or software and hardware components,such as an operating system that controls allocation and use of hardwareresources to execute communication manager application 140-1.

In accordance with different embodiments, note that computer system maybe any of various types of devices, including, but not limited to, amobile computer, a personal computer system, a wireless device, basestation, phone device, desktop computer, laptop, notebook, netbookcomputer, mainframe computer system, handheld computer, workstation,network computer, application server, storage device, a consumerelectronics device such as a camera, camcorder, set top box, mobiledevice, video game console, handheld video game device, a peripheraldevice such as a switch, modem, router, or in general any type ofcomputing or electronic device. The computer system 150 may reside atany location or can be included in any suitable resource in networkenvironment 100 to implement functionality as discussed herein.

Note that any of the resources as discussed herein can include aprocessor and corresponding hardware storage medium that storesinstructions to carry out embodiments herein. For example, eachcommunication device 160, access point, server, etc., can be configuredto include a processor, hardware data storage, etc., to carryfunctionality as discussed herein.

Functionality supported by the different resources will now be discussedvia flowcharts in FIGS. 11-15. Note that the steps in the flowchartsbelow can be executed in any suitable order.

FIG. 11 is a flowchart 1100 illustrating an example method ofcontrolling access to a network according to embodiments. Note thatthere will be some overlap with respect to concepts as discussed above.

In step 1110, the network manager 140 stores a unique identifier valueas being a valid credential to access a WiFi network 191 including oneor more access points.

In step 1120, the network manager 140 monitors use of the uniqueidentifier value to access the WiFi network.

In step 1130, in response to detecting misuse of the unique identifiervalue to access the WiFi network, the network manager 140 at leasttemporarily prevents a resource that is assigned the unique identifiervalue from accessing the WiFi network.

FIGS. 12 and 13 combine to form a flowchart 1200 (e.g., flowchart 1200-1and flowchart 1200-2) illustrating an example method of providing accessto a network according to embodiments herein. Note that there will besome overlap with respect to concepts as discussed above.

In step 1210, the access point 150-1 receives a request from a user108-1 for access to a WiFi network 191-2. The request includes a networkaddress 23790298 of the communication device 160-1 operated by the user108-1.

In step 1220, responsive to detecting that the network address 23790298of the communication device is currently not a valid credential toaccess the network 191-2, the access point 150-1 redirects the user(request) to a service provider portal to register the user 108-1 and/orcommunication device 160-1 as a subscriber.

In step 1230, via the service provider portal (e.g., registration server141), the network manager 140 receives authorization information fromthe new subscriber. In one embodiment, the authorization informationincludes access credentials such as password information.

In step 1240, the network manager 140 associates the passwordinformation, network address, etc., to the user 108-1 and/orcommunication device 160-1.

In step 1250, the network manager 140 stores the network address23790298 as being a valid credential to subsequently access (e.g., use)resources associated with network 191 including multiple access pointsand networks located at different geographical regions.

In step 1260, the network manager 140 monitors use of the networkaddress 23790298 to access the WiFi network 191 at each of multiplelocations.

In step 1310 of flowchart 1200-2 in FIG. 13, in response to detectingmisuse of the network address 23790298, the network manager 140 and/oraccess point at least temporarily prevents a resource that is assignedthe network address from accessing the network 191.

In sub-step 1320, an access point detects simultaneous use of thenetwork address by a first communication device and a secondcommunication device to access the WiFi network. As an alternative tosub-step 1310, the network manager and/or access point detectsback-to-back use of the network address by a first communication deviceand a second communication device to access the network within apredetermined time as calculated from graph 700.

In step 1340, in response to detecting the misuse at a time subsequentto the registering, the network manager 140 and/or access pointchallenges a user of the communication device to submit appropriatepassword information.

FIGS. 14 and 15 combine to form a flowchart 1400 (e.g., flowchart 1400-1and flowchart 1400-2) illustrating an example method of obtainingnetwork access according to embodiments herein. Note that there will besome overlap with respect to concepts as discussed above.

In step 1410, the communication device 160-1 receives a command from auser to register communication device 160-1 for use of network 191.Registration of the communication device 160-1 is a pre-condition to thecommunication device 160-1 using the network 191.

From the communication device, and during the registration:

-   -   In step 1430, the communication device 160-1 inputs a network        address 23790298 of the communication device 160-1 through an        access point to gateway manager 142 controlling access to the        network 191.    -   In step 1440, the communication device 160-1 inputs password        information (e.g., SUPER12345) associated with the communication        device 160-1 to the gateway manager 142.

In step 1450, subsequent to the registration, the communication device160-1 receives repeated access (e.g., via respective communicationsessions) to different locations of the network 191 based on submissionsof the network address 23790298 to the gateway manager 142.

In step 1510, while the first communication device 160-1 uses thenetwork address 23790298 to access the network 191:

In step 1520, the communication device 160-1 or respective access pointreceives notification from the gateway manager 142 that a secondcommunication device 160-X attempted to access the network 191 viasubmission of the network address 23790298 by the second communicationdevice 160-X.

In step 1530, the communication device 160-1 receives a request from thegateway manager 142 to input password information previously providedduring the registration. The gateway manager 142 requires the firstcommunication device 160-1 to provide the password information inresponse to detecting that the second communication device 160-Xattempts to access the network 191 via submission of the network address23790298 by the second communication device 160-X.

In step 1540, responsive to the first communication device 160-1inputting the password information, the user of communication device160-1 receives notification from the gateway manager 142 through arespective access point that the first communication device 160-1 isgranted continued use of the network 191. In other words, the gatewaymanager 142 provides continued use of the network 191 to the firstcommunication device 160-1 because it appears to be a valid subscriber.

As an alternative to step 1540, in step 1550, responsive to the firstcommunication device failing to input the password information, thecommunication device 160-1 receives notification from the gatewaymanager 142 that the first communication device 160-1 has been deniedcontinued use of the network 191.

Note again that techniques herein are well suited for selectivelyproviding access to a WiFi network. However, it should be noted thatembodiments herein are not limited to use in such applications and thatthe techniques discussed herein are well suited for other applicationsas well.

Based on the description set forth herein, numerous specific detailshave been set forth to provide a thorough understanding of claimedsubject matter. However, it will be understood by those skilled in theart that claimed subject matter may be practiced without these specificdetails. In other instances, methods, apparatuses, systems, etc., thatwould be known by one of ordinary skill have not been described indetail so as not to obscure claimed subject matter. Some portions of thedetailed description have been presented in terms of algorithms orsymbolic representations of operations on data bits or binary digitalsignals stored within a computing system memory, such as a computermemory. These algorithmic descriptions or representations are examplesof techniques used by those of ordinary skill in the data processingarts to convey the substance of their work to others skilled in the art.An algorithm as described herein, and generally, is considered to be aself-consistent sequence of operations or similar processing leading toa desired result. In this context, operations or processing involvephysical manipulation of physical quantities. Typically, although notnecessarily, such quantities may take the form of electrical or magneticsignals capable of being stored, transferred, combined, compared orotherwise manipulated. It has been convenient at times, principally forreasons of common usage, to refer to such signals as bits, data, values,elements, symbols, characters, terms, numbers, numerals or the like. Itshould be understood, however, that all of these and similar terms areto be associated with appropriate physical quantities and are merelyconvenient labels. Unless specifically stated otherwise, as apparentfrom the following discussion, it is appreciated that throughout thisspecification discussions utilizing terms such as “processing,”“computing,” “calculating,” “determining” or the like refer to actionsor processes of a computing platform, such as a computer or a similarelectronic computing device, that manipulates or transforms datarepresented as physical electronic or magnetic quantities withinmemories, registers, or other information storage devices, transmissiondevices, or display devices of the computing platform.

While this invention has been particularly shown and described withreferences to preferred embodiments thereof, it will be understood bythose skilled in the art that various changes in form and details may bemade therein without departing from the spirit and scope of the presentapplication as defined by the appended claims. Such variations areintended to be covered by the scope of this present application. Assuch, the foregoing description of embodiments of the presentapplication is not intended to be limiting. Rather, any limitations tothe invention are presented in the following claims.

We claim:
 1. A method comprising: via computer processor hardware,performing operations of: detecting first use of a network address toestablish a first communication session with a first wireless accesspoint; subsequent to termination of the first communication session,detecting second use of the network address to establish a secondcommunication session over a second wireless access point; in responseto detecting that the second use of the network address occurs within athreshold amount of time following the termination of the firstcommunication session, denying the second communication session andcorresponding use of the second wireless access point; and wherein amagnitude of the threshold amount of time is derived based on a distancebetween the first wireless access point and the second wireless accesspoint.
 2. The method as in claim 1 further comprising: detectingnon-simultaneous use of the network address by a first communicationdevice and a second communication device, the first communication deviceusing the network address to establish the first communication sessionwith the first wireless access point, the second communication deviceattempting to use the network address to establish the secondcommunication session with the second wireless access point.
 3. Themethod as in claim 2 further comprising: providing a notification to anoperator of the first communication device that the second communicationdevice attempted to use the network address to establish the secondcommunication session.
 4. The method as in claim 1, wherein denying thesecond communication session further comprises: calculating a timedifference between the termination of the first communication sessionand a beginning of the second communication session; and detecting thatthe time difference is less than the threshold amount of time.
 5. Themethod as in claim 1 further comprising: detecting the first use basedon a first communication device supplying the network address to thefirst wireless access point to establish the first communication sessionover the first wireless network; and detecting the second use based on asecond communication device supplying the network address to the secondwireless access point to establish the second communication session overthe second wireless network.
 6. The method as in claim 1 furthercomprising: storing the network address as being a valid credential toaccess the wireless network, the network address received from acommunication device operated by a subscriber during registration of thesubscriber to use a wireless network including the first wireless accesspoint and the second wireless access point.
 7. The method as in claim 1,wherein a first communication device uses the network address toestablish the first communication session; and wherein a secondcommunication device uses the network address to establish the secondcommunication session.
 8. The method as in claim 7, wherein the firstwireless access point and the second wireless access point both are partof a service provider's wireless network providing access to theInternet.
 9. The method as in claim 1 further comprising: in response todetecting the second use of network address within the threshold amountof time of the first communication session being terminated: challenginga resource attempting to establish the second communication session tosubmit a credentials; and providing the resource access to the wirelessnetwork in response to detecting that the resource submits anappropriate password associated with the network address.
 10. The methodas in claim 1, wherein the threshold amount of time is based on a traveltime of a user operating a communication device assigned the networkaddress.
 11. The method as in claim 1 further comprising: challenging auser of a communication device assigned the network address to submit apassword; and in response to receiving the password, providing thecommunication device use of the first communication session in responseto detecting that the user submits an appropriate password.
 12. Themethod as in claim 1, wherein detecting first use of the network addressto establish the first communication session with the first wirelessaccess point includes: receiving the network address from a firstcommunication device requesting to establish the first communicationsession with the first wireless access point; and wherein detectingsecond use of the network address to establish the second communicationsession over the second wireless access point includes: receiving thenetwork address from a second communication device requesting toestablish the second communication session with the second wirelessaccess point.
 13. A method comprising: via computer processor hardware,performing operations of: detecting first use of a network address toestablish a first communication session with a first wireless accesspoint; subsequent to termination of the first communication session,detecting second use of the network address to establish a secondcommunication session over a second wireless access point; and inresponse to detecting that the second use of the network address occurswithin a threshold amount of time following the termination of the firstcommunication session, denying the second communication session andcorresponding use of the second wireless access point; the methodfurther comprising: preventing use of the network address to establish acommunication session until after the threshold amount of time haspassed with respect to the termination of the first communicationsession, the magnitude of the threshold amount of time derived based ona estimated distance between the first wireless access point and thesecond wireless access point.
 14. A computer system comprising: computerprocessor hardware; and a hardware storage resource in communicationwith the computer processor hardware, the hardware storage resourcestoring instructions that, when executed by the computer processorhardware device, cause the computer processor hardware to: detect firstuse of a network address to establish a first communication sessionusing a first wireless access point; subsequent to termination of thefirst communication session, detect second use of the network address toestablish a second communication session over a second wireless accesspoint; and in response to detection that the second use of the networkaddress occurs within a threshold amount of time following thetermination of the first communication session, deny the secondcommunication session and corresponding use of the second wirelessaccess point; and wherein the threshold amount of time is derived basedat least in part on a distance between the first wireless access pointand the second wireless access point.
 15. The computer system as inclaim 14, wherein the instructions, when executed, further cause thecomputer processor hardware to: detect non-simultaneous use of thenetwork address by a first communication device and a secondcommunication device, the first communication device using the networkaddress to establish the first communication session with the firstwireless network, the second communication device attempting to use thenetwork address to establish the second communication session with thesecond wireless network.
 16. The computer system as in claim 15, whereinthe instructions, when executed, further cause the computer processorhardware to: provide a notification to an operator of the firstcommunication device that the second communication device attempted touse the network address to establish the second communication session.17. The computer system as in claim 14, wherein the instructions, whenexecuted, further cause the computer processor hardware to: prevent useof the network address to establish a communication session until afterthe threshold amount of time has passed with respect to the terminationof the first communication session, the magnitude of the thresholdamount of time derived based on a distance between the first wirelessaccess point and the second wireless access point.
 18. The computersystem as in claim 14, wherein the instructions, when executed, furthercause the computer processor hardware to: calculate a time differencebetween occurrence of the termination of the first communication sessionand a beginning of the second communication session; and detect that thetime difference is less than the threshold amount of time.
 19. Thecomputer system as in claim 14, wherein the instructions, when executed,further cause the computer processor hardware to: detect the first usebased on a first communication device supplying the network address tothe first wireless access point to establish the first communicationsession over the first wireless network; and detect the second use basedon a second communication device supplying the network address to thesecond wireless access point to establish the second communicationsession over the second wireless network.
 20. The computer system as inclaim 14, wherein the instructions, when executed, further cause thecomputer processor hardware to: store the network address as being avalid credential to access the wireless network, the network addressreceived from a communication device operated by a subscriber duringregistration of the subscriber to use a wireless network including thefirst wireless access point and the second wireless access point. 21.The computer system as in claim 14, wherein a first communication deviceuses the network address to establish the first communication session;and wherein a second communication device uses the network address toestablish the second communication session.
 22. The computer system asin claim 21, wherein the first wireless access point and the secondwireless access point both are part of a service provider's wirelessnetwork providing access to the Internet.
 23. Computer-readable storagehardware having instructions stored thereon, the instructions, whencarried out by computer processor hardware, cause the computer processorhardware to: detect first use of a network address to establish a firstcommunication session with a first wireless access point; subsequent totermination of the first communication session, detect second use of thenetwork address to establish a second communication session over asecond wireless access point; and in response to detecting that thesecond use of the network address occurs within a threshold amount oftime following the termination of the first communication session, denythe second communication session and corresponding use of the secondwireless access point; and wherein the threshold amount of time isderived based on a time in which the user is able to travel from onegeographical location to another.
 24. A method comprising: via computerprocessor hardware, performing operations of: detecting first use of anetwork address to establish a first communication session with a firstwireless access point; subsequent to termination of the firstcommunication session, detecting second use of the network address toestablish a second communication session over a second wireless accesspoint; and in response to detecting that the second use of the networkaddress occurs within a threshold amount of time following thetermination of the first communication session, denying the secondcommunication session and corresponding use of the second wirelessaccess point; and wherein the threshold amount of time is derived basedon a time in which the user is able to travel from one geographicallocation to another.